Posted on

Vicariously mimics another person’s Twitter feed using lists, but it violates Twitter rules

That Vicariously app you might have seen pop up in your twitter feed via a little viral growth hacking has run aground on Twitter’s automation rules. We reached out about it after it started spamming my feed with ‘so and so has added you to a list’ notifications and Twitter says that the app is not in compliance.

Updates below.

To be fair, they did also say they ‘love’ it — but that it will have to find a different way to do what it does.

“We love that Vicariously uses Lists to help people find new accounts to follow and get new perspectives. However, the way the app is currently doing this is in violation of Twitter’s automation rules,” Twitter said in a statement. “We’ve reached out to them to find a way to bring the app into compliance with our rules.”

The app was made by Jake Harding, an entrepreneur who built it as a side project.

The app, which you can find here, enumerates the followers of a target account and builds a list out of the accounts that it follows. This enables you to create lists that are snapshots of the exact (minus algorithmic tweak) feed that any given user sees when they open their app. Intriguing, right?

Well, it turns out Twitter has done this themselves twice before. Once in 2011 and originally waaaay back in 2009. The product had a built in feature that allowed you to just click through and view someone’s follower graph as a feed with a tap.

I was there in 2009 when it was a thing, and I can tell you that it was just flat out cool to see someone else’s graph going by. In the early growing days it was very interesting to see who was following who or what. It sort of taught you how to ‘do’ Twitter when everyone was learning it together. I can see why Harding wanted a duplicate of this in order to re-create this feeling of ‘snapshotting’ someone else’s info apparatus.

Unfortunately, one of the big side effects of the way that Vicariously duplicates this feature using an automated ‘list builder’ is that it spams every person it adds to the list given that Twitter always notifies you when someone adds you to a list and there is no current way to alter that behavior.

So you see a lot of ‘added to their list‘ tweets and notis.

There are also other issues with the way  that Vicariously works to build public lists of people’s follower graphs. There is potential for abuse here in that it could be used to target the people that a targeted account follows. One of the major reasons Twitter killed this feature twice is that the whole thing feels hyper personal. Your Twitter follower graph is something that you, theoretically, curate. Though a lot of people have become more performative with follows and instead, ironically, add the people they want to ‘follow’ to lists.

Having your graph public is something that felt exciting and connective at one point in Twitter’s life. But the world may be too big and too nasty now for something like this to feel really comfortable if it ever spreads beyond the technorati/Twitter power user crowd. We’ll see I guess.

Oh, and Twitter, it is about time you built in a ‘can not be added to lists’ feature. Otherwise, as someone reminded me via DM, you run the risk of making all of the same mistakes as Facebook.

Update July 27th 7:50PM PT. Harding posted some tweets from the official Vicariously account noting that he is adding some privacy controls to the app. He also notes that he’s hoping to work with the Twitter developer relations team to build out the product in a way that prevents abuse.

Read More

Posted on

A hacker used Twitter’s own ‘admin’ tool to spread cryptocurrency scam

A hacker allegedly behind a spate of Twitter account hacks on Wednesday gained access to a Twitter “admin” tool on the company’s network that allowed them to hijack high-profile Twitter accounts to spread a cryptocurrency scam, according to a person with direct knowledge of the incident.

The account hijacks hit some of the most prominent users on the social media platform, including leading cryptocurrency sites, but also ensnared several celebrity accounts, notably Bill Gates, Jeff Bezos, Elon Musk and Democratic presidential hopeful Joe Biden.

Vice earlier on Wednesday reported details of the Twitter admin tool.

A Twitter spokesperson, when reached, did not comment on the claims. Twitter later confirmed in a series of tweets that the attack was caused by “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

A person involved in the underground hacking scene told TechCrunch that a hacker, who goes by the handle “Kirk” — likely not their real name — generated over $100,000 in the matter of hours by gaining access to an internal Twitter tool, which they used to take control of popular Twitter accounts. The hacker used the tool to reset the associated email addresses of affected accounts to make it more difficult for the owner to regain control. The hacker then pushed a cryptocurrency scam that claimed whatever funds a victim sent “will be sent back doubled.”

The person told TechCrunch that Kirk had started out by selling access to vanity Twitter accounts, such as usernames that are short, simple and recognizable. It’s big business, if not still illegal. A stolen username or social media handle can go for anywhere between a few hundred dollars or thousands.

Kirk is said to have contacted a “trusted” member on OGUsers, a forum popular with traders of hacked social media handles. Kirk needed the trusted member to help sell stolen vanity usernames.

In several screenshots of a Discord chat shared with TechCrunch, Kirk said: “Send me @’s and BTC,” referring to Twitter usernames and cryptocurrency. “And I’ll get ur shit done,” he said, referring to hijacking Twitter accounts.

But then later in the day, Kirk “started hacking everything,” the person told TechCrunch.

Kirk allegedly had access to an internal tool on Twitter’s network, which allowed them to effectively take control of a user’s account. A screenshot shared with TechCrunch shows the apparent admin tool. (Twitter is removing tweets and suspending users that share screenshots of the tool.)

A screenshot of the alleged internal Twitter account tool. (Image supplied)

The tool appears to allow users — ostensibly Twitter employees — to control access to a user’s account, including changing the email associated with the account and even suspending the user altogether. (We’ve redacted details from the screenshot, as it appears to represent a real user.)

The person did not say exactly how Kirk got access to Twitter’s internal tools, but hypothesized that a Twitter employee’s corporate account was hijacked. With a hijacked employee account, Kirk could make their way into the company’s internal network. The person also said it was unlikely that a Twitter employee was involved with the account takeovers.

As part of their hacking campaign, Kirk targeted @binance first, the person said, then quickly moved to popular cryptocurrency accounts. The person said Kirk made more money in an hour than selling usernames.

To gain control of the platform, Twitter briefly suspended some account actions — as well as prevented verified users from tweeting — in an apparent effort to stem the account hijacks. Twitter later tweeted it “was working to get things back to normal as quickly as possible.”

Read More

Posted on

Twitter adds a button so you can thread your shower thoughts

Hold that tweet — and add another one.

Twitter is adding a new feature for mobile users to make it easier to link dispersed ‘shower thoughts’ together — and another thing styleee.

Per 9to5Mac, the feature — which Twitter tweeted about yesterday — is slowly rolling out to its iOS app. (At the time of writing we spotted it in Europe.)

The feature lets you pull down as you’re composing a tweet to add to your previous tweet by creating a thread or seeing a ‘continue thread’ option.

Tapping on a three-dots menu brings up an interface of older tweets which you can link the new tweet to — to continue (or kick off) a thread.

The feature looks intended to encourage more threads (from #140 characters to #280 to infinity tweetstorms and beyond!).

It may also be intended to address the broken thread phenomenon which can still plague the information network service. Especially where users are discussing complex and/or nuanced topics. (And Twitter has said it wants to foster healthy conversations on its platform so…)

The shortcut offers an alternative for Twitter users to being organized enough to tweet a perfectly threaded series of thoughts in the first place (i.e. by using the ‘+’ option at the point of composing your tweetstorm).

It also does away with the need to go manually searching through your feed for the particular tweet you want to expand on and then hitting reply to add another.

No, it’s still not an edit button. But, frankly, if you think Twitter is ever going to let you rewrite your existing tweets you should probably think longer before you hit ‘publish’ on your next one.

The ‘continue thread’ option could also be used as a de facto edit option — by letting users more easily append a correction to a preexisting tweet.

Whether the feature will (generally) work as intended — to boost threads and reduce broken threads and make Twitter a less confusing place for newbs — remains to be seen.

Happily it looks like Twitter has thought about (and closed off) one potential misuse risk. We tested to see what would happen if you try to insert a new tweet into the middle of an existing tweetstorm — which would have had the potential to generate more confusion (i.e. if the thread logic got altered by the addition).

But instead of embedding the new tweet in the middle of the old thread it was added at the bottom as a supplement. So you just start a new thread at the bottom of your old thread.

Good job Jack.

TechCrunch’s Romain Dillet contributed to this report 

Source: TechCrunch